<?php
/*
 * Created on 23April2005
 * Author: Eric Weinert (drakew@gmail.com)
 */

require_once ($DOCUMENT_ROOT . '/includes/functions.php');

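session_start ();

db_connect ();

/*
 * Admin-only page that removes one review.
 *
 * GET  ?id=N        shows the review and a confirmation form.
 * POST id=N&submit  subtracts the review's rating from the teacher's running
 *                   totals in ilist, then deletes the review and its votes.
 *
 * Request data is read from $_GET/$_POST/$_SERVER explicitly, so this block does
 * not depend on register_globals. Every request value is escaped before it
 * reaches SQL or HTML.
 *
 * NOTE(review): the confirmation form carries no anti-CSRF token, so a third-party
 * page opened by a logged-in administrator could submit the delete on their behalf.
 * Add a per-session token check using the project's session handling - TODO.
 */
if (is_admin ())
{
	do_header ('Remove Review', '');
	echo "<h1>Remove a Review</h1>";

	// PHP_SELF can carry attacker-chosen path info, so it is escaped wherever it is printed.
	$self = $_SERVER['PHP_SELF'];

	// State is changed only on an explicit POST of the confirmation form.
	if (isset ($_POST['submit']))
	{
		db_connect ();

		$id = isset ($_POST['id']) ? $_POST['id'] : '';
		// Safe only because every query below keeps the value inside quotes.
		$safe_id = mysql_real_escape_string ($id);

		// The teacher id and rating are read from the stored review instead of from
		// client-supplied form fields. This also makes a repeated submit a no-op:
		// once the review is gone, the teacher's totals are not decremented again.
		$query = "SELECT * FROM reviews WHERE id='$safe_id'";
		$result = mysql_query ($query)
			or report_error ($self, mysql_error (), "can not query review", $_SESSION['valid_user']);
		$review = $result ? mysql_fetch_array ($result) : false;

		if (!$review)
		{
			echo "<p>review not found</p><p><a href='/list.php' title='back to list'>back to list</a></p>";
		}
		else
		{
			$teacherid = $review['teacherID'];
			$rating = $review['rating'];
			$safe_teacherid = mysql_real_escape_string ($teacherid);

			// update ilist
			$query = "SELECT * FROM ilist WHERE id='$safe_teacherid'";
			$result = mysql_query ($query)
				or report_error ($self, mysql_error (), "can not query teacher", $_SESSION['valid_user']);
			$line = $result ? mysql_fetch_array ($result) : false;

			if ($line)
			{
				// Both values are results of arithmetic, so they are numeric when interpolated.
				$cum = $line['rating'] - $rating;
				$total = $line['ratingTotal'] - 1;

				$query = "UPDATE ilist SET rating='$cum', ratingTotal='$total' WHERE id='$safe_teacherid'";
				mysql_query ($query)
					or report_error ($self, mysql_error (), "can not update teacher", $_SESSION['valid_user']);
			}

			// remove the votes associated with the review
			$query = "DELETE FROM vote WHERE id='$safe_id'";
			mysql_query ($query)
				or report_error ($self, mysql_error (), "can not delete votes", $_SESSION['valid_user']);

			// delete from review
			$query = "DELETE FROM reviews WHERE id='$safe_id'";
			$deleted = mysql_query ($query);

			if ($deleted)
			{
				$teacher_link = htmlspecialchars ('/read.php?id=' . urlencode ($teacherid), ENT_QUOTES);
				echo "<p>review has been deleted</p><p><a href='$teacher_link'>back to teacher</a></p>";
			}
			else
			{
				// Do not claim success when the delete itself failed.
				report_error ($self, mysql_error (), "can not delete review", $_SESSION['valid_user']);
				echo "<p>review could not be deleted</p>";
			}
		}
	}
	else
	{
		db_connect ();

		$id = isset ($_GET['id']) ? $_GET['id'] : '';
		$safe_id = mysql_real_escape_string ($id);

		$query = "SELECT * FROM reviews WHERE id='$safe_id'";
		$result = mysql_query ($query)
			or die ('Query failed: ' . mysql_error ());

		$line = mysql_fetch_array ($result);

		// Free resultset
		mysql_free_result ($result);

		if (!$line)
		{
			echo "<p>review not found</p><p><a href='/list.php' title='back to list'>back to list</a></p>";
		}
		else
		{
			echo "<form method='post' action='" . htmlspecialchars ($self, ENT_QUOTES) . "'>";

			// Print out the review to verify. The stored comment is treated as plain
			// text and escaped, so markup saved in a review cannot run in the
			// administrator's browser.
			echo "<p>" . htmlspecialchars ($line['comment'], ENT_QUOTES) . "</p>";

			// Only the review id is posted back; the handler re-reads everything else.
			echo "<input name='id' type='hidden' value='" . htmlspecialchars ($id, ENT_QUOTES) . "' />";

			echo "<p><a href='/list.php' title='back to list'>cancel</a></p>
			<p><input type='submit' value='Remove' name='submit'></p></form>";
		}
	}
}
else
{
	do_header ('Failure');
	echo "<p>Failure: You are not an administrator</p>";
}
do_footer ();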
?>